An immutable backup is a backup copy that can’t be changed or deleted for a set period — not by you, not by your IT provider, not even by an administrator account. Think of it like writing in pen instead of pencil: once it’s down, nobody can rub it out until the timer runs out. The term is worth knowing this week, because Veeam just patched a critical flaw that let attackers take over backup servers, and as BleepingComputer reports, ransomware gangs openly admit they hunt backup servers first.
Why first? Because your backups are your way out of paying a ransom. The standard playbook — used by groups like Akira, Qilin and FIN7 — is to break in quietly, find the backup server, delete or encrypt every backup, and only then lock up your live systems. No backups, no recovery, no choice but to negotiate. It’s the digital equivalent of burning the spare keys before stealing the car.
Immutability breaks that playbook. Even if an attacker gains full control of your backup software, an immutable copy — stored on hardened storage or in the cloud with object locking — simply refuses the delete command. You can still restore, which means the ransom loses most of its leverage.
The practical takeaway: ask your IT provider two questions this week. Are any of our backups immutable? And is our backup system separated from our main network? If the answer to either is “not sure”, that’s worth fixing before it’s tested for real. All IT builds immutability into our backup and disaster recovery setups as standard.
Related Guide
Cybersecurity for Sydney SMBs
Explore our complete guide to protecting your business from cyber threats.
